• 03 Jan 2012

    Damballa’s Fight Against Advanced Malware

    Malware being out of sight and out of mind often creates the perception that risks aren't present. Just because there’s no perceived risk, doesn’t mean it’s not there. Heads buried in the sand over the real malware threat leads to breaches that most organizations aren't prepared to handle. Having worked on a project involving an APT infection, I’ve seen first-hand how ugly this stuff can get.Endpoint protection isn’t enough. Analyzing ...

    Continue Reading...
  • 16 Dec 2011

    AlgoSec & what happens when you don’t look for flaws from every angle

    I recently had the opportunity to see how well AlgoSec's Firewall Analyzer performs in a real-world security assessment. Long story short, Firewall Analyzer found a weak password on an Internet-facing firewall that would've gone undetected otherwise. A traditional vulnerability scanner didn't find it nor did two different Web vulnerability scanners. Nothing was uncovered via manual analysis either.Only AlgoSec's Firewall Analyzer found the weakness...no doubt a flaw that would've been exploited ...

    Continue Reading...
  • 12 Dec 2011

    Why uninterruptible power supplies have higher quality than Web apps

    I recently purchased an APC uninterruptible power supply for my office and noticed something peculiar in the packaging. It was a small piece of paper that says "QUALITY ASSURANCE TEST". It has the time, date, operator ID and other identifying information for the specific piece of hardware.As you can see in the image, this QA test sheet has 33 unique tests that were performed on the unit presumably before it ...

    Continue Reading...
  • 09 Dec 2011

    Reactive security at its finest

    I've been hearing on the news about Georgia State University (@GeorgiaStateU) installing 50 new security cameras. No doubt, universities in downtown Atlanta (one of the highest-crime cities in the nation) are not fairing so well with security these days so somebody needs to do something, no?Well, Georgia State's solutions was to install more security cameras. Is this security theater at it's finest? Not totally, but it is security theater like ...

    Continue Reading...
  • 07 Dec 2011

    BitLocker, Passware…heads in sand everywhere!

    Three times in the past three weeks. That's how many conversations I've had people who have blown off any sort of technical or operational weaknesses associated with Microsoft BitLocker when using it as an enterprise full disk encryption solution. They're well-documented. I highlighted these issues in my recent whitepaper The Hidden Costs of Microsoft BitLocker as well.I've said it before and I'll continue saying it: I've sung the praises of ...

    Continue Reading...
  • 20 Nov 2011

    A new way to bleed

    I was in New York City this past week for my final keynote and related presentations for our TechTarget & CDW information security roadshow. Wow, 10 cities in eight months - what a great way to end our year. Of course, being in New York I couldn't help but notice the *constant* coverage of the Occupy Wall Street protests that ended up turning a bit ugly on Thursday - the ...

    Continue Reading...
  • 10 Nov 2011

    Why compliance is a threat

    Compliance as we know it is arguably one of the greatest threats to enterprise security. Here's why:It creates a heightened sense of self for those responsible for accomplishing a state of compliance.It can cost more to become "compliant" than it does to create a reasonably secure environment.It empowers government.All of the above create complacency and a false sense of security. Please tell me I'm wrong....

    Continue Reading...
  • 08 Nov 2011

    One of my pet peeves: relying on users to wipe out wimpy passwords

    You cannot - and should never - rely on your users for complete security...yet they're often the first or last line of defense - sometimes both. I wrote about this a while back but it's a problem that's still rampant in IT so I had to bring it up again. It's probably my biggest pet peeves with security. Simply telling users that they need to select strong passwords on their ...

    Continue Reading...
  • 21 Oct 2011

    Users making security decisions is your Achilles’ heel

    I recently came across some content in a book outlining the benefits of SSL. The author depicted a scenario where SSL is in place to help the user authenticate the server/site he's connecting to and if a certificate-related error popped up in the browser then the user would know that the site was malicious and (presumably) not continue on with the connection. This very situation is an example of how ...

    Continue Reading...
  • 15 Sep 2011

    Your organization vs. BP: what will faulty decisions lead to in your business?

    Imagine a scenario where poor management, failure to take appropriate action, personnel changes and miscommunication about who's responsible for what leads to a catastrophic event at your business? That's exactly what the findings were of the BP oil spill.Sadly, 11 people died because of this incident. Luckily, our line of work isn't quite so risky but your business can still get in a bind when information security is mismanaged.Here's a ...

    Continue Reading...

Success expert Brian Tracy shares his thoughts on Kevin:

Resources

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

Kevin has written/co-written 12 books on information security including one of the best-sellers of all time:


Hacking For Dummies, 8th edition penetration testing book

Tags

AI appsec basics books Career Networking careers censorship cervical instability CIO compliance coronavirus covid-19 cybersecurity data breaches discipline eagle syndrome hacking Hacking For Dummies health helmet communications incident response keynote speaker leadership NCAA football networking outsourcing passwords policy enforcement Power Four rare diseases resilience Russian hacking security security leadership security speaker social engineering speaking engagements tethered spinal cord tiktok time management underimplemented vulnerability and penetration testing web security willingness zero-based thinking

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.